New attack can now decrypt satellite phone calls in “real time”

Chinese researchers have discovered a way to rapidly decrypt satellite phone communications — within a fraction of a second in some cases.

The paper, published this week, expands on previous research by German academics in 2012 by rapidly speeding up the attack and showing that the encryption used in popular Inmarsat satellite phones can be cracked in “real time.”

Satellite phones are used by those in desolate environments, including high altitudes and at sea, where traditional cell service isn’t available. Modern satellite phones encrypt voice traffic to prevent eavesdropping. It’s that modern GMR-2 algorithm that was the focus of the research, given that it’s used in most satellite phones today.

The researchers tried “to reverse the encryption procedure to deduce the encryption-key from the output keystream directly,” rather than using the German researchers’ method of recovering an encryption key using a known-plaintext attack.

Using their proposed inversion attack thousands of time on a 3.3GHz satellite stream, the researchers were able to reduce the search space for the 64-bit encryption key, effectively making the decryption key easier to find.

The end result was that encrypted data could be cracked in a fraction of a second.

“This again demonstrates that there exists serious security flaws in the GMR-2 cipher, and it is crucial for service providers to upgrade the cryptographic modules of the system in order to provide confidential communication,” said the researchers.

An Inmarsat spokesperson said Thursday that the company “immediately took action to address the potential security issue and this was fully addressed” in 2012. “We are entirely confident that the issue… has been completely resolved and that our satellite phones are secure,” the spokesperson said.

Matthew Green, a cryptography teacher at Johns Hopkins University, blogged about the German read-collision based technique in 2012. “Satellite telephone security matters,” he said at the time. “In many underdeveloped rural areas, it’s the primary means of communicating with the outside world. Satphone coverage is also important in war zones, where signal privacy is of more than academic interest,” he added.

“They seem to have optimized the 2012 attack so that it’s much faster and requires only about a dozen bytes of ‘known plaintext’,” he said, referring to the encryption of a readable message. Green said that the attack was “fast enough to allow key recovery (and decryption) in real time if one could get the known plaintext.”

“From a scientific perspective it’s a big advance,” Green said, but he noted that “from a practical perspective it’s unclear.”

“So maybe don’t trust satellite phone encryption,” he said. “But I would have said the same thing in 2012.”